The beginning of 2017 has brought a number of HIPAA enforcement actions involving covered entities. These enforcement actions indicate that HHS is continuing recent efforts to step up HIPAA enforcement and levy significant penalties for non-compliance. In January, HHS announced that it had reached a $475,000 settlement with a large health care network for failure … Continue Reading

A new post over on Covington’s eHealth blog discusses HIPAA-related provisions in the Twenty-First Century Cures Act, signed by President Obama on December 13. These provisions direct HHS to consider HIPAA’s effects on mental health treatment and the availability of health data for research purposes. Read the full post here.… Continue Reading

The FTC has become the most recent regulator to take a closer look at ransomware and its impact on consumers. During the FTC’s September 7, 2016, Fall Technology Series on Ransomware, Chairwoman Edith Ramirez announced that the FTC will soon release guidance to businesses on how to protect against ransomware. Ransomware is a malicious software … Continue Reading

Today we published a post on the Covington eHealth blog regarding a recent report by the U.S. Department of Health and Human Services (HHS), Office of the National Coordinator for Health Information Technology (ONC). The ONC report highlights “large gaps” in policies and oversight surrounding access to and security and privacy of health information held by … Continue Reading

A new post over on Covington’s eHealth blog discusses a recent enforcement action taken by the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) against Catholic Health Care Services, a business associate under HIPAA, arising out of a stolen iPhone. This recent enforcement action should put business associates … Continue Reading

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has been busy. In addition to its recent efforts to begin audits of covered entities and business associates, OCR has announced a slew of enforcement actions against covered entities for alleged HIPAA violations.… Continue Reading

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) has begun to audit covered entities and business associates for compliance with HIPAA. A new post on the Covington eHealth blog discusses recent developments in OCR’s efforts to move these audits forward.… Continue Reading

A new post on the Covington eHealth blog discusses the new web-based interactive tool released by the FTC, in conjunction with HHS and the FDA, to assist mobile health app developers in navigating applicable federal laws and regulations in the areas of advertising and marketing, medical devices, and data security and privacy. As part of … Continue Reading

On Tuesday, February 9, the Substance Abuse and Mental Health Services Administration (SAMHSA) published a proposed rule to update regulations at 42 C.F.R. Part 2 that protect the confidentiality of alcohol and drug abuse patient records. The regulations were originally promulgated in 1975 and last substantively updated in 1987. SAMHSA intends for these updates to … Continue Reading

On January 6, as part of President Obama’s executive action to combat gun violence, HHS promulgated a final regulation modifying the HIPAA Privacy Rule to allow certain HIPAA covered entities to disclose limited information to the National Instant Criminal Background Check System (NICS). We previously discussed the proposed rule here. Background: The NICS, maintained by … Continue Reading

A new post on Covington’s Inside Medical Devices blog discusses a new portal recently launched by HHS seeking questions from mobile health application developers. The platform allows for individuals to both submit and review questions on the HIPAA implications of these mobile health applications. To read the post, click here.… Continue Reading

On September 8, 2015, sixteen federal agencies published a long-awaited Notice of Proposed Rulemaking (NPRM) to modernize the Federal Policy for the Protection of Human Subjects, known as the “Common Rule.” The proposal, available here, includes a number of changes related to privacy and data security and other changes relevant to entities seeking to conduct … Continue Reading

About the Covington Data Privacy and Cybersecurity group

Repeatedly ranked as having one of the best privacy practices in the world, Covington combines exceptional substantive expertise with an unrivaled understanding of the IT industry, and of e-commerce and digital media business models in particular. Read More